What type of personal information can be collected by a mobile application without consent?
A. Full name
B. Geolocation
C. Phone number
D. Accelerometer data
Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
A. Access is logged on the virtual private network (VPN).
B. Multi-factor authentication is enabled.
C. Active remote access is monitored.
D. Access is only granted to authorized users.
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
A. Data custodian
B. Privacy data analyst
C. Data processor
D. Data owner
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
A. The key must be kept separate and distinct from the data it protects.
B. The data must be protected by multi-factor authentication.
C. The key must be a combination of alpha and numeric characters.
D. The data must be stored in locations protected by data loss prevention (DLP) technology.
Which of the following describes a user's "right to be forgotten"?
A. The data is being used to comply with legal obligations or the public interest.
B. The data is no longer required for the purpose originally collected.
C. The individual objects despite legitimate grounds for processing.
D. The individual's legal residence status has recently changed.
In addition to lowering costs and improving performance, which of the following is the MOST compelling reason to archive data?
A. Improving business alignment
B. Restricting data access
C. Achieving compliance
D. Improving data confidentiality
Which of the following is the BEST way to convert personal information to non-personal information?
A. Encryption
B. Pseudonymization
C. Hashing
D. Anonymization
The BEST way to ensure the integrity of an organization's data is to log and review which of the following?
A. Network access
B. Patch updates
C. Data modifications
D. Data types
A debt collection agency is attempting to locate a debtor and collects information on several people with similar names. During the inquiry, some of these people are discounted. How should the agency decide what data is adequate, relevant, and limited?
A. The agency should keep only the minimum data needed to form a basic record of people removed from the search.
B. The agency should delete all personal data collected after the debtor is found.
C. The agency should keep the data collected but store it in an anonymized format.
D. The agency should keep the data collected and mark an indication on the people removed from the search.
Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?
A. Data process flow diagrams
B. Data classification
C. Data collection standards
D. Data inventory